Configuring network interfaces

Fortinet devices can be connected to any of the FortiAnalyzer unit's interfaces. The DNS servers must be on the networks to which the FortiAnalyzer unit connects, and should have two different IP addresses.

If the FortiManager unit is operating as part of an HA cluster, it is recommended to configure interfaces dedicated for the HA connection / synchronization. However, it is possible to use the same interfaces for both HA and device management. The HA interface will have /HA appended to its name.

The following port configuration is recommended:

Use port 1 for device log traffic, and disable unneeded services on it, such as SSH, TELNET, Web Service, and so on.

Use a second port for administrator access, and enable HTTPS, Web Service, and SSH for this port. Leave other services disabled.

Endpoints can receive updates from any of the interfaces. The DNS servers must be on the networks to which the FortiAnalyzer unit connects, and should have two different IP addresses.

The following port configuration is recommended:

Use port 1 for endpoint connections, and disable unneeded services on it, such as SSH, TELNET, Web Service, and so on.

Use a second port for administrator access, and enable HTTPS, Web Service, and SSH for this port. Leave other services disabled.

To configure port 1:

Go to System Settings > Network. The System Network Management Interface pane is displayed.

Configure the following settings for port1, then click Apply to apply your changes.

Select the Fortinet services that are allowed access on this interface. These include FortiGate Updates and Web Filtering. By default all service access is enabled on port1, and disabled on port2.

Default Gateway

The default gateway associated with this interface.

Primary DNS Server

The primary DNS server IP address.

Secondary DNS Server

The secondary DNS server IP address.

To configure additional ports:

Go to System Settings > Network and click All Interfaces. The interface list opens.

Double-click on a port, right-click on a port then select Edit from the pop-up menu, or select a port then click Edit in the toolbar. The Edit System Interface pane is displayed.

Configure the settings as required.

Click OK to apply your changes.

The port name, default gateway, and DNS servers cannot be changed from the Edit System Interface pane. The port can be given an alias if needed.

Configuring network interfaces

Fortinet devices can be connected to any of the FortiAnalyzer unit's interfaces. The DNS servers must be on the networks to which the FortiAnalyzer unit connects, and should have two different IP addresses.

If the FortiManager unit is operating as part of an HA cluster, it is recommended to configure interfaces dedicated for the HA connection / synchronization. However, it is possible to use the same interfaces for both HA and device management. The HA interface will have /HA appended to its name.

The following port configuration is recommended:

Use port 1 for device log traffic, and disable unneeded services on it, such as SSH, TELNET, Web Service, and so on.

Use a second port for administrator access, and enable HTTPS, Web Service, and SSH for this port. Leave other services disabled.

Endpoints can receive updates from any of the interfaces. The DNS servers must be on the networks to which the FortiAnalyzer unit connects, and should have two different IP addresses.

The following port configuration is recommended:

Use port 1 for endpoint connections, and disable unneeded services on it, such as SSH, TELNET, Web Service, and so on.

Use a second port for administrator access, and enable HTTPS, Web Service, and SSH for this port. Leave other services disabled.

To configure port 1:

Go to System Settings > Network. The System Network Management Interface pane is displayed.

Configure the following settings for port1, then click Apply to apply your changes.